Cisco Umbrella

Umbrella logs are CSV formatted, compressed (gzip), and saved every ten minutes.
Umbrella reports are based on logged data. When the Log Management page displayed the upgrade option.
a. Navigate to Admin > Log Management.
b. Click Upgrade.

You can also configure logging so that logs are also stored to an Amazon S3 bucket either your own or one managed by Cisco.
By default, Umbrella saves your event data logs to Cisco's California location. however, you can change the location of the data warehouse at any time.
Logging to Amazon S3.
Give Full administrative access to Cisco Umbrella.
Enable Logging:-
a. Navigate to Admin > Log Management and select Use a Cisco-managed Amazon S3 bucket.

b. Select a Region and a Retention Duration

c. Click Save and then Continue to confirm your settings

d. When activation is complete, the Amazon S3 Summary page appears.

e. Copy credentials from this page and store them in a safe place. This is the only time that the Access and Secret keys are made available to you. These keys are required to access your S3 bucket and download logs. If you lose these keys they must be regenerated.

f. Once keys are copied and safe, check Got it and then click Continue.

g. Summary page

h. Please share keys to BluSapphire.

Note: - if you need more information please find below link

https://docs.umbrella.com/deployment-umbrella/docs/log-managemen

PreviousConfiguring Mimecast for Log Collection via API NextCisco Duo

Last updated 13 days ago